fix: resolve relative file paths within a local workspace root for the SendMessageToUserTool#7668
Conversation
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- Consider normalizing
path(e.g., viaPath(path).resolve()or similar) before checkingisabsand composing withworkspace_rootto avoid subtle issues with..segments or mixed separators. - If
workspace_root(unified_msg_origin)can fail or return an invalid path, it might be worth adding a guard or error handling to avoid raising when doingws_path / path.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Consider normalizing `path` (e.g., via `Path(path).resolve()` or similar) before checking `isabs` and composing with `workspace_root` to avoid subtle issues with `..` segments or mixed separators.
- If `workspace_root(unified_msg_origin)` can fail or return an invalid path, it might be worth adding a guard or error handling to avoid raising when doing `ws_path / path`.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
There was a problem hiding this comment.
Code Review
This pull request introduces logic to resolve relative file paths within a workspace root for the SendMessageToUserTool. A security concern was identified regarding potential path traversal attacks; the current implementation does not prevent access to files outside the workspace if the input path contains parent directory references. It is recommended to resolve the path and verify its location relative to the workspace root.
Added comments to clarify path resolution logic.
|
@gemini-code-assist /gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces logic to resolve relative file paths within a user's workspace root. A security vulnerability was identified where malicious relative paths could bypass workspace boundaries and access the host's filesystem via path traversal. The feedback suggests strictly resolving relative paths within the workspace and using file-specific checks to prevent unauthorized access.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
问题描述
send_message_to_user发送文件时,传入相对路径(如filename.md)会先尝试绝对路径失败,再试绝对路径才成功,浪费 token。修复方案
在
_resolve_path_from_sandbox方法中,当 path 是相对路径时,先尝试解析到 workspace 目录下检查文件是否存在。同时添加了 path 安全检查,防止..等路径遍历问题。Related Issue
Fixes #7632
Summary by Sourcery
Bug Fixes: